Terraform-provider-azurerm: [3.14] Provider Registration fails in Azure DevOps

Created on 26 Sep 2019  ·  3 Comments  ·  Source: terraform-providers/terraform-provider-azurerm

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform (and AzureRM Provider) Version

Terraform v0.12.6
"azurerm" (hashicorp/azurerm) 1.34.0

Bug

When upgrading from "azurerm" (hashicorp/azurerm) 1.33.1 to "azurerm" (hashicorp/azurerm) 1.34.0 the following error occurs.

Error ensuring Resource Providers are registered: Cannot register provider Microsoft.BotService with Azure Resource Manager: resources.ProvidersClient#Register: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure: Service returned an error. Status=403 Code="AuthorizationFailed" Message="The client 'REDACTED' with object id 'REDACTED' does not have authorization to perform action 'Microsoft.BotService/register/action' over scope '/subscriptions/REDACTED' or the scope is invalid. If access was recently granted, please refresh your credentials."

It seems like 1.34 is trying to query more information.

Important Factoids

Running in Azure DevOps with a Service Principal. The SP has Contributor access to all Resource Groups it works with.

provider question

Most helpful comment

hi @Faaux

Thanks for opening this issue :)

Taking a look through it appears that whilst the Service Principal may have permission to the Resource Groups it's working with, it doesn't have permission to register Resource Providers - which are managed at the Subscriptions level.

Azure's concept of a Resource Provider requires that the Resource Provider is registered before any APIs within that Resource Provider can be called. As such, rather than failing during an API call / to improve the user experience Terraform automatically attempts to register any Resource Providers that it supports by default - to ensure that the APIs are available when they're needed; and since this list is stored within Terraform, we extend this list from time to time as Terraform is updated to support new functionality (provided in new Resource Providers) - as we've done in version 1.34.

If you'd prefer to manage Resource Provider Registration outside of Terraform (for example you're running in a restricted environment) - it's possible to opt-out of this behaviour by setting this field in the Provider block.

Since this is working as intended I'm going to close this issue for the moment - but please let us know if disabling this functionality doesn't work for you and we'll take another look.

Thanks!
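
The opt-out described in the comment above, as an added example that is not part of the original thread. It assumes the field referred to is the azurerm provider's `skip_provider_registration` argument and that credentials are supplied by the pipeline environment.

```hcl
# Added example (not from the issue thread). Terraform 0.12 syntax,
# pinned to the provider version reported in the issue.
provider "azurerm" {
  version = "=1.34.0"

  # Default is false: the provider then tries to register every
  # Resource Provider namespace it supports, which needs the
  # '<namespace>/register/action' permission at subscription scope.
  # A Service Principal that is Contributor only on resource groups
  # lacks that permission and receives the 403 AuthorizationFailed
  # error quoted in the issue.
  skip_provider_registration = true
}
```

With registration skipped, every namespace the configuration uses has to be registered beforehand by an identity with subscription-level rights, for example with `az provider register --namespace <namespace>`. This keeps the pipeline's Service Principal scoped to its resource groups instead of widening its role to the subscription.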

All 3 comments

Thanks for the quick answer, didn't know about it.

I'm going to lock this issue because it has been closed for _30 days_ ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 [email protected]. Thanks!
